icedid | b05b352e8d009c6ee3231be0ef6032d17104bd7e2c8126b07bd811f2760eca5e | Triage

Analysis

max time kernel
124s
max time network
62s
platform
windows7_x64
resource
win7v20201028
submitted
24-03-2021 17:45

Sharing

Report Analysis Logs

General

Target

b05b352e8d009c6ee3231be0ef6032d17104bd7e2c8126b07bd811f2760eca5e.dll
Size

65KB
MD5

4c557f3f2587ff4c3056a75f0c627166
SHA1

7f69cf9ad2d9461a4130f91a05ba9799de735f09
SHA256

b05b352e8d009c6ee3231be0ef6032d17104bd7e2c8126b07bd811f2760eca5e
SHA512

41900e382f2744a6112970d5858438e7dc9aea4f4112bcaf51919215959ac8f981d7aea8fa41892dfa967ade5dd651cee080f4c61af61f14834fa0be1870f1d3

Score

10^/10

icedid 3683573724 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3683573724

C2

24savetonnofmaoney.xyz

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

IcedID First Stage Loader 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1340-3-0x0000000000130000-0x0000000000137000-memory.dmp	IcedidFirstLoader

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

1340 regsvr32.exe
1340 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b05b352e8d009c6ee3231be0ef6032d17104bd7e2c8126b07bd811f2760eca5e.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1340-2-0x000007FEFC271000-0x000007FEFC273000-memory.dmp

Filesize
8KB

Download
memory/1340-3-0x0000000000130000-0x0000000000137000-memory.dmp

Filesize
28KB

Download